/Kubestroyer

Kubernetes exploitation tool

Primary LanguageGoMIT LicenseMIT

Contributors Forks Stargazers Issues MIT License


Logo

Kubestroyer

Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests
Explore the docs »

Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact

About The Project

Product Name Screen Shot

Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations.

The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them.

(back to top)

Built With


Golang

(back to top)

Getting Started

To get a local copy up and running follow these simple example steps.

Prerequisites

  • Go 1.19 
    wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz

Installation

Use prebuilt binary or build from source:

  1. Clone the repo 
    git clone https://github.com/Rolix44/Kubestroyer.git
  2. build the binary 
    go build -o Kubestroyer main.go

(back to top)

Usage

Product usage

Parameter Description Mand/opt Example
-t / --target Target (IP or domain) Mandatory -t localhost
--node-scan Enable node port scanning (port 30000 to 32767) Optionnal -t localhost --node-scan
--anon-rce RCE using Kubelet API anonymous auth Optionnal -t localhost --anon-rce
-x Command to execute when using RCE (display service account token by default) Optionnal -t localhost --anon-rce -x "ls -al"

(back to top)

Roadmap

  • Split main into different packages
  • Target selection
    • List of multiple targets
    • input file as target parameter
  • Description for each detected open port
  • Choose the pod for anon RCE

See the open issues for a full list of proposed features (and known issues).

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)

License

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Contact

Rolix - @Rolix_cy - rolixcy@protonmail.com

Project Link: https://github.com/Rolix44/Kubestroyer

(back to top)